author | Joel Sing <jsing@cvs.openbsd.org> | 2020-10-11 02:22:28 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2020-10-11 02:22:28 +0000 |
commit | 80740e48e0fde15d8f280cb1074143283f963d5e (patch) | |
tree | 553f1916522d0c422c690ce850e1f92363883907 | |
parent | a382a260c0f4733397baba6c406e00c41046d96b (diff) |
Condense and simplify TLS methods.
Historically, OpenSSL has had client and server specific methods - the only
difference between these is that the .ssl_connect or .ssl_accept function
pointer is set to ssl_undefined_function, with the intention of reducing
code size for a statically linked binary that was only a client or server.
These days the difference is minimal or non-existent in many cases and
we can reduce the amount of code and complexity by having a single method.
Internally remove all of the client and server specific methods,
simplifying code in the process. The external client/server specific API
remain, however these now return the same thing as TLS_method() does.
ok tb@
-rw-r--r-- | lib/libssl/ssl_clnt.c | 4 | ||||
-rw-r--r-- | lib/libssl/ssl_lib.c | 4 | ||||
-rw-r--r-- | lib/libssl/ssl_locl.h | 8 | ||||
-rw-r--r-- | lib/libssl/ssl_methods.c | 473 | ||||
-rw-r--r-- | lib/libssl/ssl_sess.c | 4 | ||||
-rw-r--r-- | lib/libssl/ssl_srvr.c | 4 | ||||
-rw-r--r-- | lib/libssl/tls13_legacy.c | 18 |
7 files changed, 73 insertions, 442 deletions
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 3d11aaaf363..88b82c44004 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.74 2020/10/03 18:01:55 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.75 2020/10/11 02:22:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -911,7 +911,7 @@ ssl3_get_server_hello(SSL *s)
 }
 s->version = server_version;
- if ((method = ssl_get_client_method(server_version)) == NULL) {
+ if ((method = ssl_get_method(server_version)) == NULL) {
 SSLerror(s, ERR_R_INTERNAL_ERROR);
 goto err;
 }
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 6e375e1c099..b306137c142 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.234 2020/09/24 18:12:00 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.235 2020/10/11 02:22:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -345,7 +345,7 @@ SSL_new(SSL_CTX *ctx)
 goto err;
 s->references = 1;
- s->server = (ctx->method->internal->ssl_accept == ssl_undefined_function) ? 0 : 1;
+ s->server = 0;
 SSL_clear(s);
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index e47f6191c20..e341e9eda2e 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.301 2020/10/11 01:16:31 guenther Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.302 2020/10/11 02:22:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
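Review bot: `s->server = 0;` in SSL_new now leaves every new SSL marked as a client regardless of the method it was created from, so anything that consults s->server before the accept path runs will presumably see a client where the old method-derived value said server; that is the intended consequence of merging the methods, but nothing at the assignment says so. A one-line comment would stop a later reader from reintroducing the old derivation: `/* The method no longer implies a role; the accept path sets s->server = 1. */`. SSL_new continues outside the hunk.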
@@ -1121,11 +1121,7 @@ int ssl_cipher_allowed_in_version_range(const SSL_CIPHER *cipher,
 uint16_t min_ver, uint16_t max_ver);
 const SSL_METHOD *tls_legacy_method(void);
-const SSL_METHOD *tls_legacy_client_method(void);
-const SSL_METHOD *tls_legacy_server_method(void);
-
-const SSL_METHOD *ssl_get_client_method(uint16_t version);
-const SSL_METHOD *ssl_get_server_method(uint16_t version);
+const SSL_METHOD *ssl_get_method(uint16_t version);
 extern SSL3_ENC_METHOD TLSv1_enc_data;
 extern SSL3_ENC_METHOD TLSv1_1_enc_data;
diff --git a/lib/libssl/ssl_methods.c b/lib/libssl/ssl_methods.c
index ddfb8dfdba2..23c7e97b574 100644
--- a/lib/libssl/ssl_methods.c
+++ b/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_methods.c,v 1.17 2020/10/03 17:54:27 jsing Exp $ */
+/* $OpenBSD: ssl_methods.c,v 1.18 2020/10/11 02:22:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -59,45 +59,6 @@
 #include "ssl_locl.h"
 #include "tls13_internal.h"
-static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {
- .version = DTLS1_VERSION,
- .min_version = DTLS1_VERSION,
- .max_version = DTLS1_VERSION,
- .ssl_new = dtls1_new,
- .ssl_clear = dtls1_clear,
- .ssl_free = dtls1_free,
- .ssl_accept = ssl_undefined_function,
- .ssl_connect = ssl3_connect,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_pending = ssl3_pending,
- .ssl_read_bytes = dtls1_read_bytes,
- .ssl_write_bytes = dtls1_write_app_data_bytes,
- .ssl3_enc = &TLSv1_1_enc_data,
-};
-
-static const SSL_METHOD DTLSv1_client_method_data = {
- .ssl_dispatch_alert = dtls1_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = dtls1_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &DTLSv1_client_method_internal_data,
-};
-
-const SSL_METHOD *
-DTLSv1_client_method(void)
-{
- return &DTLSv1_client_method_data;
-}
-
-const SSL_METHOD *
-DTLS_client_method(void)
-{
- return DTLSv1_client_method();
-}
-
 static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
 .version = DTLS1_VERSION,
 .min_version = DTLS1_VERSION,
@@ -126,231 +87,39 @@ static const SSL_METHOD DTLSv1_method_data = {
 };
 const SSL_METHOD *
-DTLSv1_method(void)
+DTLSv1_client_method(void)
 {
 return &DTLSv1_method_data;
 }
 const SSL_METHOD *
-DTLS_method(void)
+DTLSv1_method(void)
 {
- return DTLSv1_method();
+ return &DTLSv1_method_data;
 }
-static const SSL_METHOD_INTERNAL DTLSv1_server_method_internal_data = {
- .version = DTLS1_VERSION,
- .min_version = DTLS1_VERSION,
- .max_version = DTLS1_VERSION,
- .ssl_new = dtls1_new,
- .ssl_clear = dtls1_clear,
- .ssl_free = dtls1_free,
- .ssl_accept = ssl3_accept,
- .ssl_connect = ssl_undefined_function,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_pending = ssl3_pending,
- .ssl_read_bytes = dtls1_read_bytes,
- .ssl_write_bytes = dtls1_write_app_data_bytes,
- .ssl3_enc = &TLSv1_1_enc_data,
-};
-
-static const SSL_METHOD DTLSv1_server_method_data = {
- .ssl_dispatch_alert = dtls1_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = dtls1_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &DTLSv1_server_method_internal_data,
-};
-
 const SSL_METHOD *
 DTLSv1_server_method(void)
 {
- return &DTLSv1_server_method_data;
-}
-
-const SSL_METHOD *
-DTLS_server_method(void)
-{
- return DTLSv1_server_method();
-}
-
-#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
-static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
- .version = TLS1_3_VERSION,
- .min_version = TLS1_VERSION,
- .max_version = TLS1_3_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl_undefined_function,
- .ssl_connect = tls13_legacy_connect,
- .ssl_shutdown = tls13_legacy_shutdown,
- .ssl_renegotiate = ssl_undefined_function,
- .ssl_renegotiate_check = ssl_ok,
- .ssl_pending = tls13_legacy_pending,
- .ssl_read_bytes = tls13_legacy_read_bytes,
- .ssl_write_bytes = tls13_legacy_write_bytes,
- .ssl3_enc = &TLSv1_3_enc_data,
-};
-
-static const SSL_METHOD TLS_client_method_data = {
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &TLS_client_method_internal_data,
-};
-#endif
-
-static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = {
- .version = TLS1_2_VERSION,
- .min_version = TLS1_VERSION,
- .max_version = TLS1_2_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl_undefined_function,
- .ssl_connect = ssl3_connect,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl_undefined_function,
- .ssl_renegotiate_check = ssl_ok,
- .ssl_pending = ssl3_pending,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl3_enc = &TLSv1_2_enc_data,
-};
-
-static const SSL_METHOD TLS_legacy_client_method_data = {
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &TLS_legacy_client_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {
- .version = TLS1_VERSION,
- .min_version = TLS1_VERSION,
- .max_version = TLS1_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl_undefined_function,
- .ssl_connect = ssl3_connect,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_pending = ssl3_pending,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl3_enc = &TLSv1_enc_data,
-};
-
-static const SSL_METHOD TLSv1_client_method_data = {
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &TLSv1_client_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = {
- .version = TLS1_1_VERSION,
- .min_version = TLS1_1_VERSION,
- .max_version = TLS1_1_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl_undefined_function,
- .ssl_connect = ssl3_connect,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_pending = ssl3_pending,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl3_enc = &TLSv1_1_enc_data,
-};
-
-static const SSL_METHOD TLSv1_1_client_method_data = {
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &TLSv1_1_client_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = {
- .version = TLS1_2_VERSION,
- .min_version = TLS1_2_VERSION,
- .max_version = TLS1_2_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl_undefined_function,
- .ssl_connect = ssl3_connect,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_pending = ssl3_pending,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl3_enc = &TLSv1_2_enc_data,
-};
-
-static const SSL_METHOD TLSv1_2_client_method_data = {
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &TLSv1_2_client_method_internal_data,
-};
-
-const SSL_METHOD *
-SSLv23_client_method(void)
-{
- return (TLS_client_method());
-}
-
-const SSL_METHOD *
-TLS_client_method(void)
-{
-#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
- return (&TLS_client_method_data);
-#else
- return tls_legacy_client_method();
-#endif
-}
-
-const SSL_METHOD *
-tls_legacy_client_method(void)
-{
- return (&TLS_legacy_client_method_data);
+ return &DTLSv1_method_data;
 }
 const SSL_METHOD *
-TLSv1_client_method(void)
+DTLS_client_method(void)
 {
- return (&TLSv1_client_method_data);
+ return DTLSv1_method();
 }
 const SSL_METHOD *
-TLSv1_1_client_method(void)
+DTLS_method(void)
 {
- return (&TLSv1_1_client_method_data);
+ return DTLSv1_method();
 }
 const SSL_METHOD *
-TLSv1_2_client_method(void)
+DTLS_server_method(void)
 {
- return (&TLSv1_2_client_method_data);
+ return DTLSv1_method();
 }
 #if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
@@ -491,9 +260,9 @@ static const SSL_METHOD TLSv1_2_method_data = {
 };
 const SSL_METHOD *
-SSLv23_method(void)
+TLS_client_method(void)
 {
- return (TLS_method());
+ return TLS_method();
 }
 const SSL_METHOD *
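Review bot: TLS_client_method() now returns TLS_method(), but the context line closing the previous hunk shows the shared TLS 1.3 method data guarded by `#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)`, whereas the removed TLS_client_method_data was guarded by LIBRESSL_HAS_TLS1_3_CLIENT alone. If TLS_method() (its body is outside this hunk) falls back to tls_legacy_method() when either flag is missing, a build that defines only the client flag loses TLS 1.3 on the client side with this change; TLS_server_method() in the next hunk has the mirror-image dependency. Either confirm the two flags are always defined together or record it above TLS_client_method(): `/* One method serves both roles; TLS 1.3 is compiled in only when both LIBRESSL_HAS_TLS1_3_CLIENT and LIBRESSL_HAS_TLS1_3_SERVER are defined. */`.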
@@ -507,236 +276,102 @@ TLS_method(void)
 }
 const SSL_METHOD *
+TLS_server_method(void)
+{
+ return TLS_method();
+}
+
+const SSL_METHOD *
 tls_legacy_method(void)
 {
 return (&TLS_legacy_method_data);
 }
 const SSL_METHOD *
-TLSv1_method(void)
+SSLv23_client_method(void)
 {
- return (&TLSv1_method_data);
+ return TLS_method();
 }
 const SSL_METHOD *
-TLSv1_1_method(void)
+SSLv23_method(void)
 {
- return (&TLSv1_1_method_data);
+ return TLS_method();
 }
 const SSL_METHOD *
-TLSv1_2_method(void)
+SSLv23_server_method(void)
 {
- return (&TLSv1_2_method_data);
+ return TLS_method();
 }
-#ifdef LIBRESSL_HAS_TLS1_3_SERVER
-static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {
- .version = TLS1_3_VERSION,
- .min_version = TLS1_VERSION,
- .max_version = TLS1_3_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = tls13_legacy_accept,
- .ssl_connect = ssl_undefined_function,
- .ssl_shutdown = tls13_legacy_shutdown,
- .ssl_renegotiate = ssl_undefined_function,
- .ssl_renegotiate_check = ssl_ok,
- .ssl_pending = tls13_legacy_pending,
- .ssl_read_bytes = tls13_legacy_read_bytes,
- .ssl_write_bytes = tls13_legacy_write_bytes,
- .ssl3_enc = &TLSv1_3_enc_data,
-};
-
-static const SSL_METHOD TLS_server_method_data = {
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &TLS_server_method_internal_data,
-};
-#endif
-
-static const SSL_METHOD_INTERNAL TLS_legacy_server_method_internal_data = {
- .version = TLS1_2_VERSION,
- .min_version = TLS1_VERSION,
- .max_version = TLS1_2_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl3_accept,
- .ssl_connect = ssl_undefined_function,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl_undefined_function,
- .ssl_renegotiate_check = ssl_ok,
- .ssl_pending = ssl3_pending,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl3_enc = &TLSv1_2_enc_data,
-};
-
-static const SSL_METHOD TLS_legacy_server_method_data = {
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &TLS_legacy_server_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = {
- .version = TLS1_VERSION,
- .min_version = TLS1_VERSION,
- .max_version = TLS1_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl3_accept,
- .ssl_connect = ssl_undefined_function,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_pending = ssl3_pending,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl3_enc = &TLSv1_enc_data,
-};
-
-static const SSL_METHOD TLSv1_server_method_data = {
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &TLSv1_server_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_1_server_method_internal_data = {
- .version = TLS1_1_VERSION,
- .min_version = TLS1_1_VERSION,
- .max_version = TLS1_1_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl3_accept,
- .ssl_connect = ssl_undefined_function,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_pending = ssl3_pending,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl3_enc = &TLSv1_1_enc_data,
-};
-
-static const SSL_METHOD TLSv1_1_server_method_data = {
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &TLSv1_1_server_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_2_server_method_internal_data = {
- .version = TLS1_2_VERSION,
- .min_version = TLS1_2_VERSION,
- .max_version = TLS1_2_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl3_accept,
- .ssl_connect = ssl_undefined_function,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_pending = ssl3_pending,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl3_enc = &TLSv1_2_enc_data,
-};
-
-static const SSL_METHOD TLSv1_2_server_method_data = {
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &TLSv1_2_server_method_internal_data,
-};
+const SSL_METHOD *
+TLSv1_client_method(void)
+{
+ return (&TLSv1_method_data);
+}
 const SSL_METHOD *
-SSLv23_server_method(void)
+TLSv1_method(void)
 {
- return (TLS_server_method());
+ return (&TLSv1_method_data);
 }
 const SSL_METHOD *
-TLS_server_method(void)
+TLSv1_server_method(void)
 {
-#ifdef LIBRESSL_HAS_TLS1_3_SERVER
- return (&TLS_server_method_data);
-#else
- return tls_legacy_server_method();
-#endif
+ return (&TLSv1_method_data);
 }
 const SSL_METHOD *
-tls_legacy_server_method(void)
+TLSv1_1_client_method(void)
 {
- return (&TLS_legacy_server_method_data);
+ return (&TLSv1_1_method_data);
 }
 const SSL_METHOD *
-TLSv1_server_method(void)
+TLSv1_1_method(void)
 {
- return (&TLSv1_server_method_data);
+ return (&TLSv1_1_method_data);
 }
 const SSL_METHOD *
 TLSv1_1_server_method(void)
 {
- return (&TLSv1_1_server_method_data);
+ return (&TLSv1_1_method_data);
 }
 const SSL_METHOD *
-TLSv1_2_server_method(void)
+TLSv1_2_client_method(void)
 {
- return (&TLSv1_2_server_method_data);
+ return (&TLSv1_2_method_data);
 }
 const SSL_METHOD *
-ssl_get_client_method(uint16_t version)
+TLSv1_2_method(void)
 {
- if (version == TLS1_3_VERSION)
- return (TLS_client_method());
- if (version == TLS1_2_VERSION)
- return (TLSv1_2_client_method());
- if (version == TLS1_1_VERSION)
- return (TLSv1_1_client_method());
- if (version == TLS1_VERSION)
- return (TLSv1_client_method());
- if (version == DTLS1_VERSION)
- return (DTLSv1_client_method());
+ return (&TLSv1_2_method_data);
+}
- return (NULL);
+const SSL_METHOD *
+TLSv1_2_server_method(void)
+{
+ return (&TLSv1_2_method_data);
 }
 const SSL_METHOD *
-ssl_get_server_method(uint16_t version)
+ssl_get_method(uint16_t version)
 {
 if (version == TLS1_3_VERSION)
- return (TLS_server_method());
+ return (TLS_method());
 if (version == TLS1_2_VERSION)
- return (TLSv1_2_server_method());
+ return (TLSv1_2_method());
 if (version == TLS1_1_VERSION)
- return (TLSv1_1_server_method());
+ return (TLSv1_1_method());
 if (version == TLS1_VERSION)
- return (TLSv1_server_method());
+ return (TLSv1_method());
 if (version == DTLS1_VERSION)
- return (DTLSv1_server_method());
+ return (DTLSv1_method());
 return (NULL);
 }
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index d805419de43..be5cbbeec64 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.100 2020/09/19 09:56:35 tb Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.101 2020/10/11 02:22:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
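Review bot: The new function bodies in this hunk use two return styles: TLS_server_method(), SSLv23_client_method(), SSLv23_method() and SSLv23_server_method() are written `return TLS_method();`, while the rewritten TLSv1_client_method(), TLSv1_server_method(), TLSv1_1_client_method(), TLSv1_2_client_method() and TLSv1_2_server_method() keep the parenthesised `return (&TLSv1_method_data);` form and ssl_get_method() keeps `return (TLS_method());`. Since every one of these lines is touched by the commit, settling on the unparenthesised form the DTLS functions in the earlier hunk already use would leave the file consistent. ssl_get_method() also deserves a short header now that it serves both roles: `/* Return the role-independent method for a protocol version, or NULL if the version is not supported. */`.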
@@ -797,7 +797,7 @@ SSL_set_session(SSL *s, SSL_SESSION *session)
 return SSL_set_ssl_method(s, s->ctx->method);
 }
- if ((method = ssl_get_client_method(session->ssl_version)) == NULL) {
+ if ((method = ssl_get_method(session->ssl_version)) == NULL) {
 SSLerror(s, SSL_R_UNABLE_TO_FIND_SSL_METHOD);
 return (0);
 }
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index 1e926408356..3b848f4b402 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.86 2020/10/03 18:01:55 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.87 2020/10/11 02:22:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -868,7 +868,7 @@ ssl3_get_client_hello(SSL *s)
 s->client_version = client_version;
 s->version = shared_version;
- if ((method = ssl_get_server_method(shared_version)) == NULL) {
+ if ((method = ssl_get_method(shared_version)) == NULL) {
 SSLerror(s, ERR_R_INTERNAL_ERROR);
 goto err;
 }
diff --git a/lib/libssl/tls13_legacy.c b/lib/libssl/tls13_legacy.c
index e9e17293e12..943e2db9a18 100644
--- a/lib/libssl/tls13_legacy.c
+++ b/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_legacy.c,v 1.15 2020/10/07 10:14:45 tb Exp $ */
+/* $OpenBSD: tls13_legacy.c,v 1.16 2020/10/11 02:22:27 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -302,6 +302,8 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx)
 memset(&cbb, 0, sizeof(cbb));
+ s->method = tls_legacy_method();
+
 if (!ssl3_setup_init_buffer(s))
 goto err;
 if (!ssl3_setup_buffers(s))
@@ -359,13 +361,12 @@ tls13_use_legacy_client(struct tls13_ctx *ctx)
 {
 SSL *s = ctx->ssl;
- s->method = tls_legacy_client_method();
- s->internal->handshake_func = s->method->internal->ssl_connect;
- s->client_version = s->version = s->method->internal->max_version;
-
 if (!tls13_use_legacy_stack(ctx))
 return 0;
+ s->internal->handshake_func = s->method->internal->ssl_connect;
+ s->client_version = s->version = s->method->internal->max_version;
+
 S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A;
 return 1;
@@ -376,14 +377,13 @@ tls13_use_legacy_server(struct tls13_ctx *ctx)
 {
 SSL *s = ctx->ssl;
- s->method = tls_legacy_server_method();
+ if (!tls13_use_legacy_stack(ctx))
+ return 0;
+
 s->internal->handshake_func = s->method->internal->ssl_accept;
 s->client_version = s->version = s->method->internal->max_version;
 s->server = 1;
- if (!tls13_use_legacy_stack(ctx))
- return 0;
-
 S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
 return 1; |
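Review bot: tls13_use_legacy_client() and tls13_use_legacy_server() now both read `s->method->internal` only after tls13_use_legacy_stack() has returned, because that call (previous hunk) is what installs tls_legacy_method(); neither function says so, and the ordering is easy to break the next time these lines are moved. The identical `s->client_version = s->version = s->method->internal->max_version;` line in both could move into tls13_use_legacy_stack() right after the `s->method` assignment it depends on, if that helper has no other callers, leaving each caller with only its role-specific handshake_func and state. Failing that, a comment before the first dereference in each, `/* s->method was switched to the legacy method by tls13_use_legacy_stack(). */`, documents the dependency. The closing brace of tls13_use_legacy_server() is outside the hunk.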